package org.glite.security.trustmanager;

import java.math.BigInteger;
import java.security.Principal;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/glite/security/trustmanager/CRLCertChecker.class */
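/**
 * PKIX certification-path checker that rejects a certificate when it appears in one of the
 * caller-supplied CRLs issued by the certificate's issuer.
 *
 * <p>Security-relevant limits of this class, as far as the code here shows:
 * <ul>
 *   <li>CRLs are matched to certificates by issuer DN only. This class does not verify a CRL's
 *       signature and does not look at its thisUpdate/nextUpdate window, so the CRLs handed in
 *       must already have been authenticated and checked for freshness by the caller.</li>
 *   <li>When no CRL for the issuer is present and {@code crlRequired} is {@code false}, the
 *       certificate is accepted without any revocation check. Set {@code crlRequired} to
 *       {@code true} where revocation checking must fail closed.</li>
 * </ul>
 *
 * <p>The CRL list is held by reference (see {@link #getCrls()} and {@link #setCrls(Vector)}); this
 * class adds no synchronization of its own beyond what {@link Vector} provides.
 */
public class CRLCertChecker extends PKIXCertPathChecker {
    private static final Logger LOGGER = Logger.getLogger(CRLCertChecker.class.getName());

    /** CRLs consulted by {@link #check}; every element is cast to {@link X509CRL}. */
    private Vector m_crls;

    /** When true, a certificate whose issuer has no CRL in {@link #m_crls} is rejected. */
    private boolean m_crlRequired;

    /**
     * Creates a checker over the given CRLs.
     *
     * @param vector the CRLs to consult; stored by reference, not copied
     * @param z {@code true} to reject certificates for whose issuer no CRL is available
     */
    public CRLCertChecker(Vector vector, boolean z) {
        this.m_crls = vector;
        this.m_crlRequired = z;
    }

    /**
     * Checks the certificate against every CRL whose issuer DN equals the certificate's issuer DN.
     *
     * @param certificate the certificate to check; must be an {@link X509Certificate}
     * @param collection unresolved critical extensions; not used by this checker
     * @throws CertPathValidatorException if the certificate is not X.509, if no CRL list is set,
     *     if the serial number is listed in a matching CRL, if no matching CRL exists while CRLs
     *     are required, or if any other error occurs while checking
     */
    @Override
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            LOGGER.error("Error: non-X509 certificate given as an argument");
            throw new CertPathValidatorException("Error: non-X509 certificate given as an argument");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        // NOTE(review): Principal.equals() depends on the provider's Principal implementation; if the
        // certificate and the CRL come from different providers, confirm that equal DNs still compare
        // equal, otherwise a CRL could be silently skipped.
        Principal issuerDN = x509Certificate.getIssuerDN();
        BigInteger serialNumber = x509Certificate.getSerialNumber();

        // Read the field once so a concurrent setCrls() cannot swap the list between the null check
        // and the iteration.
        Vector crls = this.m_crls;
        if (crls == null) {
            // Fail closed with the declared exception type instead of a NullPointerException.
            LOGGER.error("No CRL list available for revocation checking");
            throw new CertPathValidatorException("No CRL list available for revocation checking");
        }

        try {
            LOGGER.debug("Checking certificate " + x509Certificate.getSubjectDN().getName() + " with serial " + serialNumber);
            boolean crlFound = false;
            for (Iterator it = crls.iterator(); it.hasNext();) {
                X509CRL x509crl = (X509CRL) it.next();
                if (!x509crl.getIssuerDN().equals(issuerDN)) {
                    continue;
                }
                crlFound = true;
                LOGGER.debug("CRL found from " + issuerDN.getName());
                if (x509crl.getRevokedCertificate(serialNumber) != null) {
                    LOGGER.info("The certificate is revoked by " + issuerDN.getName());
                    throw new CertPathValidatorException("The certificate " + x509Certificate.getSubjectDN().getName() + " is revoked by " + issuerDN.getName());
                }
                // Keep scanning: the list may hold more than one CRL from this issuer, and a
                // revocation entry in any of them must reject the certificate.
            }
            if (crlFound) {
                LOGGER.debug("CRLCertChecker.check: certificate OK, cheked against CRL");
                return;
            }
            if (this.m_crlRequired) {
                LOGGER.warn("No crl (even though it is required) found for the CA " + issuerDN.toString());
                throw new CertPathValidatorException("No crl (even though it is required) found for the CA " + issuerDN.toString());
            }
            // No CRL for this issuer and none required: accepted without a revocation check.
            LOGGER.debug("CRLCertChecker.check: certificate OK");
        } catch (CertPathValidatorException e) {
            // Already the declared type; rethrow unchanged so the original stack trace survives.
            LOGGER.debug("Certificate revocation checking failed: " + e.getMessage());
            throw e;
        } catch (Exception e) {
            // Anything unexpected (bad element type, concurrent modification, ...) rejects the
            // certificate; keep the cause so the failure can be diagnosed.
            LOGGER.debug("Certificate revocation checking failed: " + e.getMessage());
            throw new CertPathValidatorException(e.getMessage(), e);
        }
    }

    /**
     * Returns the extensions this checker processes.
     *
     * @return {@code null}; this checker handles no certificate extensions
     */
    @Override
    public Set getSupportedExtensions() {
        return null;
    }

    /**
     * Does nothing; this checker keeps no per-path state.
     *
     * @param z the checking direction; ignored
     */
    @Override
    public void init(boolean z) throws CertPathValidatorException {
    }

    /**
     * Reports that forward checking is supported.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isForwardCheckingSupported() {
        return true;
    }

    /**
     * Returns the CRL list used by this checker.
     *
     * @return the internal list itself, not a copy; changes to it affect later checks
     */
    public Vector getCrls() {
        return this.m_crls;
    }

    /**
     * Replaces the CRL list used by this checker.
     *
     * @param vector the new CRLs; stored by reference, not copied
     */
    public void setCrls(Vector vector) {
        this.m_crls = vector;
    }
}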
